package org.gridgain.internal.license;

import com.typesafe.config.Config;
import com.typesafe.config.ConfigRenderOptions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import org.apache.ignite.internal.cluster.management.topology.api.LogicalNode;
import org.apache.ignite.internal.logger.IgniteLogger;
import org.apache.ignite.internal.logger.Loggers;
import org.apache.ignite.internal.util.StringUtils;

/* loaded from: input_file:org/gridgain/internal/license/LicenseValidator.class */
class LicenseValidator {
    private static final IgniteLogger LOG;
    private static final String PUBLIC_KEY_FILE_NAME = "gg9license.cer";
    private static final String SIGN_ALG = "SHA256withDSA";
    private final PublicKey publicKey = readPublicKeyFromResources();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verify(Config config, String str, Collection<LogicalNode> collection) throws LicenseViolationException {
        if (config.isEmpty()) {
            LOG.error("Failed to find the license. Use cluster configuration to set it up.", new Object[0]);
            throw new MissingLicenseException();
        }
        verifyLicenseIntegrity(config, str);
        LicenseViolationInfo verifyLicenseViolation = verifyLicenseViolation(config, collection);
        if (!verifyLicenseViolation.getErrorMessages().isEmpty()) {
            throw new LicenseViolationException(verifyLicenseViolation.formatViolationMessage());
        }
    }

    private void verifyLicenseIntegrity(Config config, String str) throws LicenseViolationException {
        if (!$assertionsDisabled && this.publicKey == null) {
            throw new AssertionError("License manager not started yet.");
        }
        try {
            Signature signature = Signature.getInstance(SIGN_ALG);
            signature.initVerify(this.publicKey);
            signature.update(cleanDataForSignature(config).getBytes(StandardCharsets.UTF_8));
            if (!signature.verify(StringUtils.fromHexString(str))) {
                throw new InvalidLicenseSignatureException();
            }
            LOG.debug("License is verified.", new Object[0]);
        } catch (GeneralSecurityException e) {
            throw new LicenseViolationException("Failed to validate license.", e);
        }
    }

    private PublicKey readPublicKeyFromResources() {
        try {
            InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(PUBLIC_KEY_FILE_NAME);
            try {
                if (resourceAsStream == null) {
                    throw new LicenseViolationException("Certificate not found.");
                }
                try {
                    PublicKey publicKey = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(resourceAsStream.readAllBytes())).getPublicKey();
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                    return publicKey;
                } catch (CertificateException e) {
                    throw new LicenseViolationException("Invalid X509 certificate.", e);
                }
            } finally {
            }
        } catch (IOException e2) {
            throw new LicenseViolationException("Problem with reading a certificate.", e2);
        }
    }

    private static String cleanDataForSignature(Config config) {
        return config.root().render(ConfigRenderOptions.concise().setJson(false));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static LicenseViolationInfo verifyLicenseViolation(Config config, Collection<LogicalNode> collection) {
        LicenseViolationInfo licenseViolationInfo = new LicenseViolationInfo();
        for (LicenseLimitChecker licenseLimitChecker : LicenseLimitChecker.values()) {
            licenseLimitChecker.check(config, licenseViolationInfo, collection);
        }
        return licenseViolationInfo;
    }

    static {
        $assertionsDisabled = !LicenseValidator.class.desiredAssertionStatus();
        LOG = Loggers.forClass(LicenseValidator.class);
    }
}
